{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T18:06:23Z","timestamp":1773511583981,"version":"3.50.1"},"reference-count":159,"publisher":"Emerald","issue":"2","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024,3,26]]},"abstract":"<jats:p>This work presents a comprehensive exploration of Reverse Engineering of Deceptions (RED) in the field of adversarial machine learning. It delves into the intricacies of machine- and human-centric attacks, providing a holistic understanding of how adversarial strategies can be reverse-engineered to safeguard AI systems. For machine-centric attacks, we cover reverse engineering methods for pixel-level perturbations, adversarial saliency maps, and victim model information in adversarial examples. In the realm of human-centric attacks, the focus shifts to generative model information inference and manipulation localization from generated images. Through this work, we offer a forward-looking perspective on the challenges and opportunities associated with RED. In addition, we provide foundational and practical insights in the realms of AI security and trustworthy computer vision.<\/jats:p>","DOI":"10.1561\/3300000039","type":"journal-article","created":{"date-parts":[[2024,3,26]],"date-time":"2024-03-26T06:39:25Z","timestamp":1711435165000},"page":"53-152","source":"Crossref","is-referenced-by-count":7,"title":["Reverse Engineering of Deceptions on Machine- and Human-Centric Attacks"],"prefix":"10.1561","volume":"6","author":[{"given":"Yuguang","family":"Yao","sequence":"first","affiliation":[{"name":"Michigan State University","place":["USA"]}]},{"given":"Xiao","family":"Guo","sequence":"additional","affiliation":[{"name":"Michigan State University","place":["USA"]}]},{"given":"Vishal","family":"Asnani","sequence":"additional","affiliation":[{"name":"Michigan State University","place":["USA"]}]},{"given":"Yifan","family":"Gong","sequence":"additional","affiliation":[{"name":"Northeastern University","place":["USA"]}]},{"given":"Jiancheng","family":"Liu","sequence":"additional","affiliation":[{"name":"Michigan State University","place":["USA"]}]},{"given":"Xue","family":"Lin","sequence":"additional","affiliation":[{"name":"Northeastern University","place":["USA"]}]},{"given":"Xiaoming","family":"Liu","sequence":"additional","affiliation":[{"name":"Michigan State University","place":["USA"]}]},{"given":"Sijia","family":"Liu","sequence":"additional","affiliation":[{"name":"Michigan State University","place":["USA"]}]}],"member":"140","published-online":{"date-parts":[[2024,3,26]]},"reference":[{"key":"2025121518574349300_ref001","first-page":"484","article-title":"Square attack: a query-efficient black-box adversarial attack via random search","author":"Andriushchenko","year":"2020","journal-title":"Computer Vision\u2013ECCV 2020: 16th European Conference, Glasgow, UK, August 23\u201328, 2020, Proceedings, Part XXIII"},{"key":"2025121518574349300_ref002","article-title":"Proactive Image Manipulation Detection","author":"Asnani","year":"2022","journal-title":"CVPR"},{"key":"2025121518574349300_ref003","first-page":"12343","article-title":"Malp: Manipula- tion localization using a proactive scheme","author":"Asnani","year":"2023","journal-title":"Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recogni- tion"},{"key":"2025121518574349300_ref004","doi-asserted-by":"crossref","DOI":"10.1109\/TPAMI.2023.3301451","article-title":"Reverse engi- neering of generative models: Inferring model hyperparameters from generated images","author":"Asnani","year":"2023","journal-title":"IEEE Transactions on Pattern Analysis and Machine Intelligence"},{"key":"2025121518574349300_ref005","article-title":"Synthesizing Robust Adversarial Examples","author":"Athalye","year":"2018","journal-title":"International Conference on Machine Learning (ICML)"},{"key":"2025121518574349300_ref006","first-page":"515","article-title":"{CSI}{NN}: Reverse engineering of neural network architectures through elec- tromagnetic side channel","author":"Batina","year":"2019","journal-title":"28th USENIX Security Symposium (USENIX Security 19)"},{"issue":"11","key":"2025121518574349300_ref007","doi-asserted-by":"crossref","first-page":"2691","DOI":"10.1109\/TIFS.2018.2825953","article-title":"Constrained convolutional neural networks: A new approach towards general purpose image manipu- lation detection","volume":"13","author":"Bayar","year":"2018","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"2025121518574349300_ref008","article-title":"Visual Interpretability Alone Helps Adversarial Robust- ness","author":"Boopathy","year":"2020"},{"issue":"5","key":"2025121518574349300_ref009","doi-asserted-by":"crossref","first-page":"1181","DOI":"10.1109\/TIFS.2018.2871749","article-title":"Deep residual network for steganalysis of digital images","volume":"14","author":"Boroumand","year":"2018","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"2025121518574349300_ref010","article-title":"Understanding disentangling in \u03b2-VAE","author":"Burgess","year":"2017","journal-title":"NeurIPS"},{"key":"2025121518574349300_ref011","first-page":"671","article-title":"The Laplacian pyramid as a compact image code","author":"Burt","year":"1987","journal-title":"Readings in computer vision"},{"key":"2025121518574349300_ref012","article-title":"Towards evaluating the robustness of neural networks","author":"Carlini","year":"2017","journal-title":"IEEE Symposium on Security and Privacy (S&P)"},{"key":"2025121518574349300_ref013","first-page":"5253","article-title":"Extracting training data from diffusion models","author":"Carlini","year":"2023","journal-title":"32nd USENIX Security Symposium (USENIX Security 23)"},{"key":"2025121518574349300_ref014","article-title":"What makes fake images detectable? Understanding properties that generalize","author":"Chai","year":"2020","journal-title":"ECCV"},{"issue":"04","key":"2025121518574349300_ref015","doi-asserted-by":"crossref","first-page":"3438","DOI":"10.1609\/aaai.v34i04.5747","article-title":"Measuring and relieving the over-smoothing problem for graph neural networks from the topological view","volume":"34","author":"Chen","year":"2020","journal-title":"Proceedings of the AAAI conference on artificial intelligence"},{"key":"2025121518574349300_ref016","article-title":"Isolat- ing Sources of Disentanglement in Variational Autoencoders","author":"Chen","year":"2018","journal-title":"NeurIPS"},{"key":"2025121518574349300_ref017","first-page":"598","article-title":"Quarantine: Sparsity can uncover the trojan attack trigger for free","author":"Chen","year":"2022","journal-title":"Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition"},{"key":"2025121518574349300_ref018","article-title":"Image manipulation detection by multi-view multi-scale supervision","author":"Chen","year":"2021","journal-title":"ICCV"},{"key":"2025121518574349300_ref019","article-title":"Targeted backdoor attacks on deep learning systems using data poisoning","author":"Chen","year":"2017","journal-title":"arXiv preprint arXiv:1712.05526"},{"key":"2025121518574349300_ref020","first-page":"5177","article-title":"Multi-label image recognition with graph convolutional networks","author":"Chen","year":"2019","journal-title":"Proceed- ings of the IEEE\/CVF conference on computer vision and pattern recognition"},{"key":"2025121518574349300_ref021","article-title":"StarGAN: Unified generative adversarial networks for multi-domain image-to-image translation","author":"Choi","year":"2018","journal-title":"CVPR"},{"key":"2025121518574349300_ref022","article-title":"Forensictransfer: Weakly-supervised domain adapta- tion for forgery detection","author":"Cozzolino","year":"2018","journal-title":"arXiv preprint arXiv:1812.02510"},{"issue":"1","key":"2025121518574349300_ref023","doi-asserted-by":"crossref","first-page":"53","DOI":"10.1109\/MSP.2017.2765202","article-title":"Generative adversarial networks: An overview","volume":"35","author":"Creswell","year":"2018","journal-title":"IEEE signal processing magazine"},{"key":"2025121518574349300_ref024","article-title":"Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks","author":"Croce","year":"2020","journal-title":"International Conference on Machine Learning (ICML)"},{"key":"2025121518574349300_ref025","article-title":"On the detection of digital face manipulation","author":"Dang","year":"2020","journal-title":"CVPR"},{"key":"2025121518574349300_ref026","article-title":"Reverse Engineering of Deceptions","author":"DARPA.","year":"2021"},{"key":"2025121518574349300_ref027","article-title":"ImageNet: A large-scale hierarchical image database","author":"Deng","year":"2009","journal-title":"CVPR"},{"issue":"6","key":"2025121518574349300_ref028","doi-asserted-by":"crossref","first-page":"141","DOI":"10.1109\/MSP.2012.2211477","article-title":"The MNIST database of handwritten digit images for machine learning research [best of the web]","volume":"29","author":"Deng","year":"2012","journal-title":"Signal Processing Magazine"},{"key":"2025121518574349300_ref029","article-title":"Diffusion models beat gans on image synthesis","author":"Dhariwal","year":"2021","journal-title":"NeurIPS"},{"key":"2025121518574349300_ref030","first-page":"15848","article-title":"Inter- action via bi-directional graph of semantic region affinity for scene parsing","author":"Ding","year":"2021","journal-title":"Proceedings of the IEEE\/CVF International Conference on Computer Vision"},{"key":"2025121518574349300_ref031","article-title":"MVSS-Net: Multi- View Multi-Scale Supervised Networks for Image Manipulation Detection","author":"Dong","year":"2022","journal-title":"IEEE Transactions on Pattern Analysis and Machine Intelligence"},{"key":"2025121518574349300_ref032","first-page":"422","article-title":"Casia image tampering detection evaluation database","author":"Dong","year":"2013","journal-title":"2013 IEEE China Summit and International Conference on Signal and Information Processing"},{"key":"2025121518574349300_ref033","first-page":"7890","article-title":"Watch your up-con- volution: Cnn based generative deep neural networks are failing to reproduce spectral distributions","author":"Durall","year":"2020","journal-title":"Proceedings of the IEEE\/CVF conference on computer vision and pattern recognition"},{"key":"2025121518574349300_ref034","first-page":"34","article-title":"When Does Contrastive Learning Preserve Adversarial Robustness from Pre- training to Finetuning?","author":"Fan","year":"2021","journal-title":"Advances in Neural Information Processing Systems"},{"key":"2025121518574349300_ref035","doi-asserted-by":"crossref","first-page":"417","DOI":"10.1145\/3308558.3313488","article-title":"Graph neural networks for social recommendation","author":"Fan","year":"2019","journal-title":"The world wide web conference"},{"key":"2025121518574349300_ref036","article-title":"The lottery ticket hypothesis: Find- ing sparse, trainable neural networks","author":"Frankle","year":"2018","journal-title":"arXiv preprint arXiv:1803.03635"},{"key":"2025121518574349300_ref037","first-page":"1322","article-title":"Model inversion attacks that exploit confidence information and basic countermea- sures","author":"Fredrikson","year":"2015","journal-title":"Proceedings of the 22nd ACM SIGSAC conference on computer and communications security"},{"key":"2025121518574349300_ref038","article-title":"Practical Membership Inference Attacks against Fine-tuned Large Language Models via Self-prompt Calibration","author":"Fu","year":"2023","journal-title":"arXiv preprint arXiv:2311.06062"},{"key":"2025121518574349300_ref039","article-title":"Attribution of gradient based adver- sarial attacks for reverse engineering of deceptions","author":"Goebel","year":"2021","journal-title":"arXiv preprint arXiv:2103.11002"},{"key":"2025121518574349300_ref040","article-title":"Reverse engineering of imperceptible adversarial image perturba- tions","author":"Gong","year":"2022","journal-title":"arXiv preprint arXiv:2203.14145"},{"key":"2025121518574349300_ref041","article-title":"Generative adversarial nets","author":"Goodfellow","year":"2014","journal-title":"NeurIPS"},{"key":"2025121518574349300_ref042","article-title":"Explaining and harnessing adversarial examples","author":"Goodfellow","year":"2014","journal-title":"arXiv preprint arXiv:1412.6572"},{"key":"2025121518574349300_ref043","first-page":"1","article-title":"Are GAN generated images easy to detect? A critical anal- ysis of the state-of-the-art","author":"Gragnaniello","year":"2021","journal-title":"2021 IEEE international conference on multimedia and expo (ICME)"},{"key":"2025121518574349300_ref044","article-title":"Badnets: Identifying vulnerabilities in the machine learning model supply chain","author":"Gu","year":"2017","journal-title":"arXiv preprint arXiv:1708.06733"},{"key":"2025121518574349300_ref045","article-title":"DeepFake Detection by Analyzing Convolutional Traces","author":"Guarnera","year":"2020","journal-title":"CVPR Workshops"},{"key":"2025121518574349300_ref046","article-title":"Tracing Hyperparam- eter Dependencies for Model Parsing via Learnable Graph Pooling Network","author":"Guo","year":"2023","journal-title":"arXiv preprint arXiv:2312.02224"},{"key":"2025121518574349300_ref047","article-title":"Hierar- chical Fine-Grained Image Forgery Detection and Localization","author":"Guo","year":"2023","journal-title":"In Proceeding of IEEE Computer Vision and Pattern Recognition"},{"key":"2025121518574349300_ref048","article-title":"Multi-domain Learning for Updating Face Anti-spoofing Models","author":"Guo","year":"2022","journal-title":"ECCV"},{"key":"2025121518574349300_ref049","doi-asserted-by":"crossref","first-page":"241","DOI":"10.18653\/v1\/P19-1024","article-title":"Attention Guided Graph Convolutional Networks for Relation Extraction","author":"Guo","year":"2019","journal-title":"Proceedings of the 57th Annual Meeting of the Association for Computational Linguistics"},{"key":"2025121518574349300_ref050","article-title":"Scalable Attribution of Adversarial Attacks via Multi-Task Learning","author":"Guo","year":"2023","journal-title":"arXiv preprint arXiv:2302.14059"},{"key":"2025121518574349300_ref051","first-page":"28","article-title":"Learning both weights and connections for efficient neural network","author":"Han","year":"2015","journal-title":"Advances in neural information processing systems"},{"key":"2025121518574349300_ref052","article-title":"Deep residual learning for image recognition","author":"He","year":"2016","journal-title":"Proceedings of the IEEE conference on computer vision and pattern recognition"},{"key":"2025121518574349300_ref053","article-title":"From a Sleazy Reddit Post to a National Security Threat: A Closer Look at the Deepfake Discourse","author":"Heath","year":"2019","journal-title":"Disinfor- mation and Digital Democracies in the 21st Century"},{"key":"2025121518574349300_ref054","first-page":"6840","article-title":"Denoising diffusion probabilistic models","volume":"33","author":"Ho","year":"2020","journal-title":"Advances in Neural Information Processing Systems"},{"key":"2025121518574349300_ref055","article-title":"Membership inference of diffusion models","author":"Hu","year":"2023","journal-title":"arXiv preprint arXiv:2301.09956"},{"key":"2025121518574349300_ref056","first-page":"312","article-title":"SPAN: spatial pyramid attention network for image manip- ulation localization","author":"Hu","year":"2020","journal-title":"European Conference on Computer Vision"},{"key":"2025121518574349300_ref057","first-page":"1","article-title":"Reverse engineering convo- lutional neural networks through side-channel information leaks","author":"Hua","year":"2018","journal-title":"Proceedings of the 55th Annual Design Automation Conference"},{"key":"2025121518574349300_ref058","doi-asserted-by":"crossref","first-page":"2657","DOI":"10.1109\/TIFS.2022.3141262","article-title":"FakeLo- cator: Robust localization of GAN-based face manipulations","volume":"17","author":"Huang","year":"2022","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"2025121518574349300_ref059","article-title":"Black-box Adversarial Attacks with Limited Queries and Information","author":"Ilyas","year":"2018","journal-title":"arXiv preprint arXiv:1804.08598"},{"key":"2025121518574349300_ref060","article-title":"A Survey on Generative Adversarial Networks: Variants, Applications, and Training","author":"Jabbar","year":"2020","journal-title":"arXiv preprint arXiv:2006.05132"},{"key":"2025121518574349300_ref061","first-page":"22456","article-title":"Uncer- tainty-guided Learning for Improving Image Manipulation Detec- tion","author":"Ji","year":"2023","journal-title":"Proceedings of the IEEE\/CVF International Conference on Computer Vision"},{"key":"2025121518574349300_ref062","article-title":"Face de-spoofing: Anti- spoofing via noise modeling","author":"Jourabloo","year":"2018","journal-title":"ECCV"},{"key":"2025121518574349300_ref063","article-title":"Progressive growing of GANs for improved quality, stability, and variation","author":"Karras","year":"2018","journal-title":"ICLR"},{"key":"2025121518574349300_ref064","first-page":"4401","article-title":"A style-based generator architecture for generative adversarial networks","author":"Karras","year":"2019","journal-title":"CVPR"},{"key":"2025121518574349300_ref065","article-title":"Auto-Encoding Variational Bayes","author":"Kingma","year":"2014","journal-title":"ICLR"},{"key":"2025121518574349300_ref066","article-title":"Adam: A Method for Stochastic Opti- mization","author":"Kingma","year":"2015","journal-title":"International Conference on Learning Representations (ICLR)"},{"key":"2025121518574349300_ref067","article-title":"Semi-supervised classification with graph convolutional networks","author":"Kipf","year":"2016","journal-title":"arXiv preprint arXiv:1609.02907"},{"key":"2025121518574349300_ref068","article-title":"Learning multiple layers of features from tiny images","author":"Krizhevsky","year":"2009"},{"issue":"7553","key":"2025121518574349300_ref069","doi-asserted-by":"crossref","first-page":"436","DOI":"10.1038\/nature14539","article-title":"Deep learning","volume":"521","author":"LeCun","year":"2015","journal-title":"nature"},{"key":"2025121518574349300_ref070","first-page":"9267","article-title":"Deepgcns: Can gcns go as deep as cnns?","author":"Li","year":"2019","journal-title":"Proceedings of the IEEE\/CVF international conference on computer vision"},{"key":"2025121518574349300_ref071","article-title":"Faceshifter: Towards high fidelity and occlusion aware face swapping","author":"Li","year":"2020","journal-title":"CVPR"},{"key":"2025121518574349300_ref072","article-title":"Practical no-box adversarial attacks against DNNs","author":"Li","year":"2020","journal-title":"Advances in Neural Information Processing Systems (NeurIPS)"},{"key":"2025121518574349300_ref073","article-title":"Defense against Adversarial Attacks Using High-Level Representa- tion Guided Denoiser","author":"Liao","year":"2018","journal-title":"arXiv:1712.02976 [cs]"},{"key":"2025121518574349300_ref074","article-title":"Progressive neural architecture search","author":"Liu","year":"2018","journal-title":"ECCV"},{"key":"2025121518574349300_ref075","first-page":"3673","article-title":"Stgan: A unified selective transfer network for arbitrary image attribute editing","author":"Liu","year":"2019","journal-title":"Proceedings of the IEEE\/CVF conference on computer vision and pattern recognition"},{"key":"2025121518574349300_ref076","article-title":"signSGD via Zeroth-Order Oracle","author":"Liu","year":"2019","journal-title":"International Conference on Learning Representations"},{"issue":"5","key":"2025121518574349300_ref077","doi-asserted-by":"crossref","first-page":"43","DOI":"10.1109\/MSP.2020.3003837","article-title":"A primer on zeroth-order optimization in signal processing and machine learning: Principals, recent advances, and applications","volume":"37","author":"Liu","year":"2020","journal-title":"IEEE Signal Processing Magazine"},{"key":"2025121518574349300_ref078","doi-asserted-by":"crossref","DOI":"10.1109\/TCSVT.2022.3189545","article-title":"PSCC-Net: Progressive spatio-channel correlation network for image manipulation detection and localization","author":"Liu","year":"2022","journal-title":"IEEE Transactions on Circuits and Systems for Video Technology"},{"key":"2025121518574349300_ref079","first-page":"3730","article-title":"Deep learning face attributes in the wild","author":"Liu","year":"2015","journal-title":"Proceedings of the IEEE international conference on computer vision"},{"key":"2025121518574349300_ref080","article-title":"Foveation- based mechanisms alleviate adversarial examples","author":"Luo","year":"2015","journal-title":"arXiv preprint arXiv:1511.06292"},{"key":"2025121518574349300_ref081","article-title":"Towards deep learning models resistant to adversarial attacks","author":"Madry","year":"2017","journal-title":"arXiv preprint arXiv:1706.06083"},{"key":"2025121518574349300_ref082","article-title":"Perturbation Type Cat- egorization for Multiple $\\ell_p$ Bounded Adversarial Robustness","author":"Maini","year":"2021"},{"key":"2025121518574349300_ref083","doi-asserted-by":"crossref","first-page":"384","DOI":"10.1109\/MIPR.2018.00084","article-title":"Detection of gan-generated fake images over social networks","author":"Marra","year":"2018","journal-title":"2018 IEEE conference on multimedia information processing and retrieval (MIPR)"},{"key":"2025121518574349300_ref084","doi-asserted-by":"crossref","DOI":"10.1109\/MIPR.2019.00103","article-title":"Do gans leave artificial fingerprints?","author":"Marra","year":"2019","journal-title":"IEEE conference on multimedia information processing and retrieval (MIPR)"},{"key":"2025121518574349300_ref085","article-title":"Incremen- tal learning for the detection and classification of GAN-generated images","author":"Marra","year":"2019","journal-title":"WIFS"},{"key":"2025121518574349300_ref086","article-title":"Two-branch recurrent network for isolating deepfakes in videos","author":"Masi","year":"2020","journal-title":"ECCV"},{"key":"2025121518574349300_ref087","article-title":"Learned forensic source similarity for unknown camera models","author":"Mayer","year":"2018","journal-title":"ICASSP"},{"key":"2025121518574349300_ref088","article-title":"Detecting GAN-generated imagery using saturation cues","author":"McCloskey","year":"2019","journal-title":"ICIP"},{"key":"2025121518574349300_ref089","first-page":"14498","article-title":"Scattering gcn: Overcom- ing oversmoothness in graph convolutional networks","volume":"33","author":"Min","year":"2020","journal-title":"Advances in neural information processing systems"},{"key":"2025121518574349300_ref090","first-page":"7677","article-title":"Sample efficient detection and classi- fication of adversarial attacks via self-supervised embeddings","author":"Moayeri","year":"2021","journal-title":"Proceedings of the IEEE\/CVF international conference on computer vision"},{"key":"2025121518574349300_ref091","article-title":"Scalable Extraction of Training Data from (Production) Language Models","author":"Nasr","year":"2023","journal-title":"arXiv preprint arXiv:2311.17035"},{"key":"2025121518574349300_ref092","article-title":"Columbia image splicing detection evaluation dataset","author":"Ng","year":"2009","journal-title":"DVMM lab. Columbia Univ CalPhotos Digit Libr"},{"key":"2025121518574349300_ref093","first-page":"3492","article-title":"Graph-based person signature for person re- identifications","author":"Nguyen","year":"2021","journal-title":"Proceedings of the IEEE\/CVF conference on computer vision and pattern recognition"},{"key":"2025121518574349300_ref094","article-title":"Reverse engineering adver- sarial attacks with fingerprints from adversarial examples","author":"Nicholson","year":"2023","journal-title":"arXiv preprint arXiv:2301.13869"},{"key":"2025121518574349300_ref095","article-title":"Diffusion models for adversarial purification","author":"Nie","year":"2022","journal-title":"arXiv preprint arXiv:2205.07460"},{"key":"2025121518574349300_ref096","article-title":"DeepFake detection based on the discrepancy between the face and its context","author":"Nirkin","year":"2020","journal-title":"arXiv preprint arXiv:2008.12262"},{"key":"2025121518574349300_ref097","author":"NIST","year":"2016","journal-title":"Nist nimble 2016 datasets."},{"key":"2025121518574349300_ref098","article-title":"On the Limitations of Denoising Strategies as Adversarial Defenses","author":"Niu","year":"2020","journal-title":"arXiv:2012.09384 [cs]"},{"key":"2025121518574349300_ref099","doi-asserted-by":"crossref","first-page":"71","DOI":"10.1109\/WACVW50321.2020.9096940","article-title":"IMD2020: A Large- Scale Annotated Dataset Tailored for Detecting Manipulated Im- ages","author":"Novozamsky","year":"2020","journal-title":"2020 IEEE Winter Applications of Computer Vision Workshops (WACVW)"},{"key":"2025121518574349300_ref100","first-page":"121","article-title":"Towards reverse-engineering black-box neural networks","author":"Oh","year":"2019","journal-title":"Explainable AI: Interpreting, Explaining and Visualizing Deep Learning"},{"key":"2025121518574349300_ref101","first-page":"24480","article-title":"Towards universal fake image detectors that generalize across generative models","author":"Ojha","year":"2023","journal-title":"Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition"},{"key":"2025121518574349300_ref102","article-title":"AdvMind: In- ferring Adversary Intent of Black-Box Attacks","author":"Pang","year":"2020","journal-title":"the International Conference on Knowledge Discovery & Data Mining (KDD)"},{"key":"2025121518574349300_ref103","doi-asserted-by":"crossref","first-page":"313","DOI":"10.1145\/1201775.882269","article-title":"Poisson image editing","author":"P\u00e9rez","year":"2003","journal-title":"ACM SIGGRAPH 2003 Papers"},{"key":"2025121518574349300_ref104","article-title":"Efficient neural architecture search via parameters sharing","author":"Pham","year":"2018","journal-title":"ICML"},{"key":"2025121518574349300_ref105","first-page":"1","article-title":"Faceforensics++: Learning to detect manipulated facial images","author":"Rossler","year":"2019","journal-title":"Proceedings of the IEEE\/CVF international con- ference on computer vision"},{"key":"2025121518574349300_ref106","first-page":"4393","article-title":"Deep one-class classifica- tion","author":"Ruff","year":"2018","journal-title":"ICML"},{"key":"2025121518574349300_ref107","article-title":"Disrupting deepfakes: Adversarial attacks against conditional image translation networks and facial manipulation systems","author":"Ruiz","year":"2020","journal-title":"ECCV"},{"key":"2025121518574349300_ref108","article-title":"Adversarial ma- nipulation of deep representations","author":"Sabour","year":"2015","journal-title":"arXiv preprint arXiv:1511.05122"},{"key":"2025121518574349300_ref109","article-title":"Denoised smoothing: A provable defense for pretrained classifiers","author":"Salman","year":"2020","journal-title":"Advances in Neural Information Processing Systems (NeurIPS)"},{"key":"2025121518574349300_ref110","first-page":"18126","article-title":"On the frequency bias of generative models","volume":"34","author":"Schwarz","year":"2021","journal-title":"Advances in Neural Information Processing Systems"},{"key":"2025121518574349300_ref111","article-title":"OGAN: Disrupting Deepfakes with an Adversarial Attack that Survives Training","author":"Segalis","year":"2020","journal-title":"arXiv preprint arXiv:2006.12247"},{"key":"2025121518574349300_ref112","doi-asserted-by":"crossref","DOI":"10.1007\/s11263-019-01228-7","article-title":"Grad-CAM: Visual Explanations from Deep Networks via Gradient-based Localization","author":"Selvaraju","year":"2020","journal-title":"International Journal of Computer Vision"},{"key":"2025121518574349300_ref113","article-title":"Are adversarial examples inevitable?","author":"Shafahi","year":"2020","journal-title":"arXiv:1809.02104 [cs, stat]"},{"key":"2025121518574349300_ref114","article-title":"Online adversarial purification based on self-supervision","author":"Shi","year":"2021","journal-title":"arXiv preprint arXiv:2101.09387"},{"key":"2025121518574349300_ref115","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1109\/SP.2017.41","article-title":"Member- ship inference attacks against machine learning models","author":"Shokri","year":"2017","journal-title":"2017 IEEE symposium on security and privacy (SP)"},{"key":"2025121518574349300_ref116","article-title":"Very Deep Convolutional Networks for Large-Scale Image Recognition","author":"Simonyan","year":"2015","journal-title":"International Conference on Learning Representations (ICLR)"},{"key":"2025121518574349300_ref117","article-title":"Identification of Attack-Specific Signatures in Adversarial Examples","author":"Souri","year":"2021","journal-title":"arXiv preprint arXiv:2110.06802"},{"key":"2025121518574349300_ref118","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.neunet.2020.12.024","article-title":"Robustifying models against adversarial attacks by langevin dynamics","volume":"137","author":"Srinivasan","year":"2021","journal-title":"Neural Networks"},{"key":"2025121518574349300_ref119","first-page":"22424","article-title":"SAFL-Net: Semantic-Agnostic Feature Learning Network with Auxiliary Plu- gins for Image Manipulation Detection","author":"Sun","year":"2023","journal-title":"Proceedings of the IEEE\/CVF International Conference on Computer Vision"},{"key":"2025121518574349300_ref120","article-title":"Re- thinking the Inception Architecture for Computer Vision","author":"Szegedy","year":"2015","journal-title":"CoRR"},{"key":"2025121518574349300_ref121","article-title":"MnasNet: Platform-aware neural architecture search for mobile","author":"Tan","year":"2019","journal-title":"CVPR"},{"key":"2025121518574349300_ref122","first-page":"21253","article-title":".","author":"Thaker","year":"2022","journal-title":"\u2113p"},{"key":"2025121518574349300_ref123","first-page":"1460","article-title":"Modeling multi-label action dependencies for temporal action localization","author":"Tirupattur","year":"2021","journal-title":"Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition"},{"key":"2025121518574349300_ref124","article-title":"On adaptive attacks to adversarial example defenses","author":"Tramer","year":"2020","journal-title":"arXiv preprint arXiv:2002.08347"},{"key":"2025121518574349300_ref125","first-page":"601","article-title":"Stealing machine learning models via prediction {APIs}","author":"Tram\u00e8r","year":"2016","journal-title":"25th USENIX security symposium (USENIX Security 16)"},{"key":"2025121518574349300_ref126","first-page":"1973","article-title":"Interpretable and Trustworthy Deepfake Detection via Dynamic Prototypes","author":"Trinh","year":"2021","journal-title":"WACV"},{"key":"2025121518574349300_ref127","article-title":"Graph attention networks","author":"Veli\u010dkovi\u0107","year":"2017","journal-title":"arXiv preprint arXiv:1710.10903"},{"key":"2025121518574349300_ref128","first-page":"29","article-title":"Match- ing networks for one shot learning","author":"Vinyals","year":"2016","journal-title":"Advances in neural information processing systems"},{"key":"2025121518574349300_ref129","article-title":"The Alliance of Democracies Foundation","author":"Waldemarsson","year":"2020"},{"key":"2025121518574349300_ref130","doi-asserted-by":"crossref","first-page":"36","DOI":"10.1109\/SP.2018.00038","article-title":"Stealing hyperparameters in machine learning","author":"Wang","year":"2018","journal-title":"2018 IEEE symposium on security and privacy (SP)"},{"key":"2025121518574349300_ref131","doi-asserted-by":"crossref","first-page":"707","DOI":"10.1109\/SP.2019.00031","article-title":"Neural cleanse: Identifying and mitigating backdoor attacks in neural networks","author":"Wang","year":"2019","journal-title":"2019 IEEE Symposium on Security and Privacy (SP)"},{"key":"2025121518574349300_ref132","first-page":"2364","article-title":"Objectformer for image manipulation detection and localization","author":"Wang","year":"2022","journal-title":"CVPR"},{"key":"2025121518574349300_ref133","doi-asserted-by":"crossref","first-page":"222","DOI":"10.1007\/978-3-030-58601-0_14","article-title":"Practical detection of trojan neural networks: Data-limited and data-free cases","author":"Wang","year":"2020","journal-title":"Computer Vision\u2013ECCV 2020: 16th European Conference, Glasgow, UK, August 23\u201328, 2020, Proceedings, Part XXIII 16"},{"key":"2025121518574349300_ref134","article-title":"Fake- Tagger: Robust Safeguards against DeepFake Dissemination via Provenance Tracking","author":"Wang","year":"2021","journal-title":"ACMM"},{"key":"2025121518574349300_ref135","first-page":"8695","article-title":"CNN-generated images are surprisingly easy to spot... for now","author":"Wang","year":"2020","journal-title":"CVPR"},{"key":"2025121518574349300_ref136","first-page":"7794","article-title":"Non-local neural networks","author":"Wang","year":"2018","journal-title":"Proceedings of the IEEE conference on computer vision and pattern recognition"},{"key":"2025121518574349300_ref137","article-title":"CAN MA- CHINE TELL THE DISTORTION DIFFERENCE? A REVERSE ENGINEERING STUDY OF ADVERSARIAL ATTACKS","author":"Wang","year":"2023"},{"issue":"2","key":"2025121518574349300_ref138","doi-asserted-by":"crossref","DOI":"10.1145\/3439723","article-title":"Generative Adversarial Networks in Computer Vision: A Survey and Taxonomy","volume":"54","author":"Wang","year":"2021","journal-title":"ACM Computing Surveys"},{"key":"2025121518574349300_ref139","doi-asserted-by":"crossref","first-page":"161","DOI":"10.1109\/ICIP.2016.7532339","article-title":"COVERAGE\u2014A novel database for copy-move forgery de- tection","author":"Wen","year":"2016","journal-title":"2016 IEEE international conference on image processing (ICIP)"},{"key":"2025121518574349300_ref140","article-title":"Fast is better than free: Revisiting adversarial training","author":"Wong","year":"2020","journal-title":"International Conference on Learning Representations (ICLR)"},{"key":"2025121518574349300_ref141","first-page":"9543","article-title":"Mantra-net: Manipulation tracing network for detection and localization of image forgeries with anomalous features","author":"Wu","year":"2019","journal-title":"CVPR"},{"key":"2025121518574349300_ref142","article-title":"Improving transferability of adversarial examples with in- put diversity","author":"Xie","year":"2019","journal-title":"Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR)"},{"key":"2025121518574349300_ref143","article-title":"Structured Adversarial Attack: Towards General Implementation and Better Interpretability","author":"Xu","year":"2019","journal-title":"International Conference on Learning Representations (ICLR)"},{"key":"2025121518574349300_ref144","doi-asserted-by":"crossref","first-page":"649","DOI":"10.1007\/978-3-030-58589-1_39","article-title":"Attention-driven dynamic graph convolutional network for multi-label image recog- nition","author":"Ye","year":"2020","journal-title":"Computer Vision\u2013ECCV 2020: 16th European Confer- ence, Glasgow, UK, August 23\u201328, 2020, Proceedings, Part XXI 16"},{"key":"2025121518574349300_ref145","article-title":"Disrupt- ing image-translation-based deepfake algorithms with adversarial attacks","author":"Yeh","year":"2020","journal-title":"WACVW"},{"key":"2025121518574349300_ref146","first-page":"12062","article-title":"Adversarial purification with score-based generative models","author":"Yoon","year":"2021","journal-title":"International Conference on Machine Learning"},{"key":"2025121518574349300_ref147","first-page":"7556","article-title":"Attributing fake images to GANs: Learning and analyzing GAN fingerprints","author":"Yu","year":"2019","journal-title":"ICCV"},{"key":"2025121518574349300_ref148","first-page":"6023","article-title":"Cutmix: Regularization strategy to train strong classifiers with localizable features","author":"Yun","year":"2019","journal-title":"Proceedings of the IEEE\/CVF International Conference on Computer Vision"},{"key":"2025121518574349300_ref149","first-page":"22390","article-title":"Towards Generic Image Manipulation Detection with Weakly-Supervised Self-Consistency Learning","author":"Zhai","year":"2023","journal-title":"Proceedings of the IEEE\/CVF In- ternational Conference on Computer Vision"},{"key":"2025121518574349300_ref150","first-page":"7354","article-title":"Self- attention generative adversarial networks","author":"Zhang","year":"2019","journal-title":"International confer- ence on machine learning"},{"issue":"7","key":"2025121518574349300_ref151","doi-asserted-by":"crossref","first-page":"3142","DOI":"10.1109\/TIP.2017.2662206","article-title":"Beyond a gaussian denoiser: Residual learning of deep cnn for image denoising","volume":"26","author":"Zhang","year":"2017","journal-title":"IEEE transactions on image processing"},{"key":"2025121518574349300_ref152","first-page":"1","article-title":"Detecting and simulating artifacts in gan fake images","author":"Zhang","year":"2019","journal-title":"2019 IEEE international workshop on information forensics and security (WIFS)"},{"key":"2025121518574349300_ref153","article-title":"Learning self-consistency for deepfake detection","author":"Zhao","year":"2021","journal-title":"CVPR"},{"key":"2025121518574349300_ref154","first-page":"22346","article-title":"Pre-training-free Image Manipulation Localization through Non- Mutually Exclusive Contrastive Learning","author":"Zhou","year":"2023","journal-title":"Proceedings of the IEEE\/CVF International Conference on Computer Vision"},{"key":"2025121518574349300_ref155","article-title":"On Trace of PGD-Like Adversarial Attacks","author":"Zhou","year":"2022","journal-title":"arXiv preprint arXiv:2205.09586"},{"key":"2025121518574349300_ref156","article-title":"Generate, segment, and refine: Towards generic manipulation segmentation","author":"Zhou","year":"2020","journal-title":"AAAI"},{"key":"2025121518574349300_ref157","doi-asserted-by":"crossref","first-page":"1831","DOI":"10.1109\/CVPRW.2017.229","article-title":"Two- stream neural networks for tampered face detection","author":"Zhou","year":"2017","journal-title":"2017 IEEE conference on computer vision and pattern recognition workshops (CVPRW)"},{"key":"2025121518574349300_ref158","first-page":"1053","article-title":"Learning rich features for image manipulation detection","author":"Zhou","year":"2018","journal-title":"Proceedings of the IEEE conference on computer vision and pattern recognition"},{"key":"2025121518574349300_ref159","article-title":"Unpaired Image- to-Image Translation using Cycle-Consistent Adversarial Networks","author":"Zhu","year":"2017","journal-title":"ICCV"}],"container-title":["Foundations and Trends\u00ae in Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/ftsec\/article-pdf\/6\/2\/53\/11046507\/3300000039en.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/www.emerald.com\/ftsec\/article-pdf\/6\/2\/53\/11046507\/3300000039en.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,15]],"date-time":"2025-12-15T23:58:04Z","timestamp":1765843084000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.emerald.com\/ftsec\/article\/6\/2\/53\/1328585\/Reverse-Engineering-of-Deceptions-on-Machine-and"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,3,26]]},"references-count":159,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2024,3,26]]}},"URL":"https:\/\/doi.org\/10.1561\/3300000039","relation":{},"ISSN":["2474-1558","2474-1566"],"issn-type":[{"value":"2474-1558","type":"print"},{"value":"2474-1566","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,3,26]]}}}